PEACE: An efficient and secure patient-centric access control scheme for eHealth care system

Abstract

In this paper, we propose an efficient and secure patient-centric access control (PEACE) scheme for the emerging electronic health care (eHealth) system. In order to assure the privacy of patient personal health information (PHI), we define different access privileges to data requesters according to their roles, and then assign different attribute sets to the data requesters. By using these different sets of attribute, we construct the patient-centric access policies of patient PHI. The PEACE scheme can guarantee PHI integrity and confidentiality by adopting digital signature and pseudo-identity techniques. It encompasses identity based cryptography to aggregate remote patient PHI securely. Extensive security and performance analyses demonstrate that the PEACE scheme is able to achieve desired security requirements at the cost of an acceptable communication delay.